In general, a standard system upgrade is sufficient to effect thenecessary changes.

Details follow:

Marcus Meissner discovered that the winbind plugin of pppd does notcheck the result of the setuid() call. On systems that configure PAMlimits for the maximum number of user processes and enable the winbindplugin, a local attacker could exploit this to execute the winbindNTLM authentication helper as root. Depending on the local winbindconfiguration, this could potentially lead to privilege escalation.